IN THE CLAIMS: 



1 . (currently amended) A service provider system for 
implementing changes in the security o f a plurality of customer 
systems with a first subsystem (1 ) that does not have data as to the 
system characteristics of individual c ustomer systems, comprising: 
means for providing activation tokens (6, 7, 8) to be transmitted to at 
least two one customers with a second subsystem (2) for receiving 
said activation tokens, said means for providing activation tokens 
(6, 7, 8) including means for providing activation information (7) and 
means for naming of system characteristics of a plurality of second 
subsystems in machine readable and filterable manner (6), wherein 
the relevance of said activation information to said second 
subsystem (2) can be determined by said second subsystems 
checking whether said second subsystem (2) has characteristics 
corresponding to said naming of said activation token, so that receipt 
bv a customer system of an activation toke n does not indicate 
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whether that token is relevant to the second subsystem of that 
customer . 

2. (currently amended) Service provider system as claimed in 
claim 1 , wherein said means for providing activation tokens (6, 7, 8) 
include cryptographic means (8) for encrypting the activation tokens 
and signing means for producing a verification information lik e a 
cignature, to be verified by said second subsystem (2) of said 
customer. 

3. (Currently amended) A customer system with a second 
subsystem (2) for receiving activation tokens, including both tokens 
relevant to said customer system and tokens not relevant to said 
customer system, provided by a service provider with a first 
subsystem that does not have data as to the system characteristics 
of individual customer systems, for implementing changes in the 
security of said customer system (1), said activation tokens including 
activation information and naming of system characteristics in 
machine readable and filterable manner, 
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said second subsystem (2) comprising: 

receiving means (1 1) for controlling said receiving of said activation 
tokens, 

checking means (12) for automatically determining whether said 
activation information is relevant for said second subsystem (2) by 
checking whether said second subsystem (2) has characteristics 
corresponding to said naming of an activation token, and 
transforming means (13) for transforming relevant activation 
information into at least one activation measure for said second 
subsystem (2) that implements a change in the sec urity of said 
customer system . 

4. (currently amended) Customer system as claimed in claim 
3, wherein said receiving means (1 1 ) include cryptographic means 
for verifying said service provider as being the provider of said 
activation token and/or and admitting means for controlling whether 
said service provider is legitimated to send activation tokens to said 
customer. 
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5. (original) Customer system as claimed in claim 3, wherein 
said transforming means (13) include at least one set of filter 
parameters to enable transforming of said relevant activation 
information into at least one acceptable activation measure. 

6. (Currently amended) Customer system as claimed in claim 
3, wherein said second subsystem (2) includes implementation 
means (14) for automatically implementing at least one activation 
measure and reporting implemented activati o n measures, whorein 
said socond subsystem (2) is a wobserver . 

7. (cancelled) Customer system as claimed in claim 3, wherein 
said implementation means (14) include at least one reporting 
means for reporting implemented activation measures. 

8. (cancelled) Customer system as claimed in claim 3, wherein 
said checking means (12) is checking whether said second 
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subsystem (2) has a version, platform and/or a configuration 
corresponding to said naming of an activation token. 

9. (currently amended) Customer system as claimed in claim 
3, wherein said receiving means (11), checking means (12) and 
transforming means (1 3) of said second subsystem (2) are part of an 
apoptosis system realized by at least one means out of the group of 
a daemon, a kernel module, an initab, an inetd, tcp-wrapper, a 
rpcbind, a resource manager, a network management, li ko T i vol i or 
HP Oponview, and a hardware device. 

1 0. (Currently amended) A system for supplying activation 
information to a subsystem, said system comprising: 

a service provider with a first subsystem (1 ) that does not have data 
as to the svstem characteristics of individual customer s ystems, for 
providing activation tokens for implementing chang es in the security 
of a plurality of customer systems and to at least ©ne two customers 
with a second subsystem (2) for receiving said activation tokens 
including both tokens relevant to said custome r svstem and tokens 
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not relevant to said customer system , said activation tokens 
including activation information and naming of system characteristics 
of a plurality of second subsystems in machine readable and 
filterable manner, wherein said second subsystem (2) comprises 
receiving means (1 1) for controlling said receiving of said activation 
tokens, checking means (12) for automatically determining whether 
said activation information is relevant for said second subsystem (2) 
by said second subsystem checking whether said second subsystem 
(2) has characteristics corresponding to said naming of an activation 
token , so that receipt bv a customer system o f an activation token 
does not indicate whether that token is relevant to the second 
subsystem of that customer, and transforming means (13) for 
transforming relevant activation information into at least one 
activation measure for said second subsystem (2). 

1 1 . (Currently amended) System as claimed in claim 1 0, wherein 
said receiving means (11) include cryptographic means for verifying 
said service provider as being the provider of said activation token, 
and/or and wherein said receiving means (11) include admitting 
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means for controlling whether said service provider is legitimated to 
send activation tokens to said customer. 

12. (original) System as claimed in claim 10, wherein said 
transforming means (13) include at least one set of filter parameters 
to enable transforming of said relevant activation information into at 
least one acceptable activation measure. 

13. (original) System as claimed in claim 10, wherein said 
second subsystem (2) includes implementation means (14) for 
implementing at least one activation measure. 

14. (original) System as claimed in claim 13, wherein said 
implementation means (14) include at least ane reporting means for 
reporting implemented activation measures. 

15. (original) System as claimed in claim 10, wherein said 
naming includes the specification of a version, platform and a 
configuration corresponding to said second subsystem (2). 
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16 . (currently amended) System as claimed in claim 10, wherein 
said receiving means (11), checking means (12) and transforming 
(13) means of said second subsystem (2) are part of an apoptosis 
system realized by at least one means out of the group of a daemon, 
a kernel module, an inittabo an inetd, tcp-wrapper, a rpcbind, a 
resource manager, a network management, l i ko T i vo li or HP 
Oponv ie w, and a hardware device. 

17. (original) System as claimed in claim 13, wherein said 
system is reducing the vulnerability of said second subsystem (2) by 
automatically implementing activation measures at said second 
subsystem(2). 

1 8. (original) A method for providing activation information by a 
service provider with a first subsystem (1) to a customer with a 
second subsystem (2) comprising the step of: 

providing activation tokens by said service provider, wherein said 
activation tokens include readable activation information and naming 
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of corresponding system characteristics in machine readable and 
filterable manner. 

1 9. (Currently amended) Method as claimed in claim 1 8, wherein 
said step of providing activation tokens includes a cryptographic step 
for encrypting the activation tokens and/or and a signing step for 
producing a verification information l i ko a s i gnature, to be verified by 
said second subsystem (2) of said customer. 

20. (Cancelled) Method as claimed in claim 18, wherein the step 
of providing activation tokens further comprises the step of naming 
by specifying a version, platform and a configuration and/or the step 
of structuring activation information. 

21. (currently amended) A method for using activation 
information for implementing changes in the security of a plurality of 
customer systems by a customer with a second subsystem (2), said 
activation information being provided by service provider with a first 
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subsystem (1) that does not have data as to the system 
characteristics of individual customer systems, to at least two 
customers in the form of activation tokens including said activation 
information and naming of corresponding system characteristics pla 
plurality of second subsystems in machine readable and filterable 
manner, said method comprising the steps of: 
receiving sate both relevant and non-relevant activation tokens by 
said second subsystem (2), automatically determining whether said 
activation information is relevant for the second subsystem (2) by 
automatically checking by said second subsystem (2) whether said 
second subsystem (2) has characteristics corresponding to said 
naming of an activation token , so that receipt bv a customer system 
of an activation token does not indicate whether that token is 
relevant to the second subsystem of that customer and transforming 
relevant activation information into at least one activation measure 
for said second subsystem(2). 

22. (Currently amended) Method as claimed in claim 21 , further 
comprising the step of verifying at said second subsystem (2) 
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whether said service provider is legitimated to send activation tokens 
to said customer. 

23. (original) Method as claimed in claim 21 , wherein said 
transforming includes filtering of said activation information by at 
least one set of filter parameters to get at least one acceptable 
activation measure. 

24. (Currently amended) Method as claimed in claim 21 , further 
comprising the step(s) of implementing at least one activation 
measure and/or and reporting implemented activation measures. 

25. (currently amended) Method as claimed in claim 21 , wherein 
said checking by said second subsystem (2) includes checking 
whether said second subsystem (2) has a version, platform and/or or 
configuration corresponding to said naming of an activation token. 
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26. (original) Method as claimed in claim 21 , further comprising 
a step of automatically implementing at least one activation measure 
to said second subsystem (2). 

27. (Currently amended) Method as claimed in claim 26, further 
comprising the step of automatically implementing at least one 
activation measure leads to a reduction of vulnerability of said 
second subsystem (2) and/or and enables a shutdown of a service 
of said second subsystem (2). 

28. (currently amended) A computer program comprising 
program code means for performing the method of any ono of the 
claims 18 to 27 claim 21 when said program is run on a computer. 

29. (currently amended) A computer program product 
comprising program code means stored on a computer readable 
medium for performing the method of any on e of tho claimc 1 8 to 27 
claim 21 when said program is run on a computer. 
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